Trend Micro Found Botnets Being Hosted on Cloud Servers

Cyber threats and attacks of all forms have evolved through the years, along with their impact on individual and enterprise users. That is a caveat worth taking seriously after security firm Trend Micro discovered a legion of botnets being controlled from and hosted on cloud computing servers.

The malicious activity is meant to disguise the malware as an ordinary part of the traffic passing between the corporate network and the cloud platform. In reality, as Trend Micro found, hackers are running the botnets with command and control code hosted on the cloud servers.

Some hackers are using Dropbox as a host for the command and control operations of these botnets, which are built to get past network firewalls, riding the same momentum with which companies are migrating to the cloud for business purposes. In the end, it is the end users who bear the greater responsibility for helping to counter the attacks.

Similar attacks have been seen in the past, in which cybercriminals also used cloud-based techniques. In former times, these botnets and malware came as small files that could not run on and infect systems autonomously, so an external controlling force was needed to direct them. That need gave rise to command and control software.

Today the technique has grown more complex and sophisticated, as hackers turn to popular cloud services such as Dropbox to house their malware tools. The reason is clear: users would hardly suspect that their traffic is compromised when the activity runs through legitimate services like Dropbox, Amazon Cloud Services or any other cloud platform, which gives the impression that the communication is taking place over safe traffic.

What is actually happening behind all that is that the command and control software gives the malware instructions on how to do what it was built to do: inflict harm on computer systems, starting by disabling their security parameters.

The best thing users can do to counter the threat is to monitor network traffic constantly and regularly, using software tools built specifically for that purpose. The first sign that an attack is being launched against your system is a rise in traffic flow to your company's network. A quick analysis of the traffic can also help detect malicious activity on your organization's network.
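The monitoring advice above can be made concrete with a per-host baseline. The following is an added example, not code from Trend Micro or the original article: it flags a host whose latest daily volume toward cloud services rises well above its own earlier days. The log format, the watch list, the host names and the thresholds are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: the cloud services to watch; extend to match your environment.
WATCHED = ("dropbox.com", "amazonaws.com")
# Constructed sample proxy log (not real traffic): date host destination bytes
SAMPLE_LOG = """\
2024-03-01 ws-014 www.dropbox.com 120000
2024-03-02 ws-014 www.dropbox.com 110000
2024-03-03 ws-014 www.dropbox.com 130000
2024-03-04 ws-014 www.dropbox.com 125000
2024-03-05 ws-014 www.dropbox.com 122000
2024-03-01 ws-022 s3.amazonaws.com 40000
2024-03-02 ws-022 s3.amazonaws.com 42000
2024-03-03 ws-022 s3.amazonaws.com 39000
2024-03-04 ws-022 s3.amazonaws.com 43000
2024-03-05 ws-022 s3.amazonaws.com 900000
2024-03-05 ws-022 intranet.corp.example 5000000
truncated-line
"""

def is_watched(domain):
    domain = domain.lower().rstrip(".")
    return any(domain == s or domain.endswith("." + s) for s in WATCHED)

def daily_volume(log_text):
    """Sum bytes per host and day for watched destinations; skip malformed lines."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        day, host, domain, nbytes = parts
        if is_watched(domain):
            totals[host][day] += int(nbytes)
    return totals

def find_spikes(log_text, min_history=4, sigmas=3.0, min_ratio=2.0):
    """Flag a host whose latest day rises well above its own earlier days."""
    alerts = []
    for host, per_day in daily_volume(log_text).items():
        days = sorted(per_day)
        if len(days) - 1 < min_history:
            continue  # too little history to call anything a rise
        history = [per_day[d] for d in days[:-1]]
        latest, base = per_day[days[-1]], mean(history)
        if latest > base + sigmas * pstdev(history) and latest > min_ratio * base:
            alerts.append((host, days[-1], latest, round(base)))
    return sorted(alerts)
```

Calling `find_spikes(SAMPLE_LOG)` flags only `ws-022`; the steady Dropbox user `ws-014` stays under both thresholds, and traffic to unwatched destinations is ignored.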